Detailed explanation of the NAT protocol with pictures and text

What is NAT Protocol

To access information on the Internet, our computer needs an address that every other host recognizes and that is reachable from anywhere. Such an address is called a public IP address.

Besides public IP addresses there are also private IP addresses. Private IP addresses are the addresses used inside private networks, such as a home LAN or a company's internal network. You may have noticed the addresses your home router hands out: when you log in to the router's gateway at 192.168.1.1, the devices listed on the network usually all have addresses of the form 192.168.1.x. Addresses of this kind are private IP addresses.

This raises a question. Suppose cxuan's private IP address is 192.168.1.3 and the private IP address of brother cxuanxi next door is also 192.168.1.3. When they both surf the Internet at the same time, won't their IP addresses conflict? Or could brother cxuanxi be told what cxuan browsed?

This is not something we need to worry about, because we have a very reliable helper: NAT (Network Address Translator). When our computer connects to the Internet, NAT translates our private address into a public IP address on the Internet. Let's take a look at this protocol and how it works.

We can now define NAT: NAT is a technology that converts the private addresses used in a local network into public IP addresses when connecting to the Internet. In fact, not only the IP address but also the TCP and UDP port numbers are converted; strictly speaking, that variant is called NAPT. Under normal circumstances, what we call NAT actually refers to NAPT.

How NAT works

Let's talk about the specific working mechanism of NAT, as shown in the following figure.

(Figure: NAT router translating client A's private source address into the public address)

Client A (IP 192.168.1.6) in the private network wants to send a packet to a server (IP 122.122.122.122) on the public network. When the packet passes through the NAT router, the router converts its private source IP 192.168.1.6 into the public IP 12.34.56.78, so the source address of the packet becomes 12.34.56.78, and the packet is then sent over the Internet to the destination server at 122.122.122.122.

A NAT router is essentially a router with NAT software installed; a router running NAT software is called a NAT router.

The NAT router can not only convert private IPs to public IPs but also public IPs to private IPs: the translation is bidirectional.

(Figure: NAT router translating the public destination address of the server's reply back to client A's private address)

Taking the picture above as an example: the server 122.122.122.122 sends a packet, the packet travels over the Internet to the NAT router, the NAT router rewrites its destination address to 192.168.1.6, and then forwards it to client A.

There is a question here: for the packets sent by the server, how is the public IP address in the destination field converted back into a private IP address?

As mentioned above, the NAT router is really NAT software installed on a router, so the NAT router is itself a router device, and a router has a routing table. The routing table records source and destination address entries, and packets are routed according to these entries.

(We can use netstat -nr to display the routing table.)

(Figure: routing table output of netstat -nr)

In the same way, the NAT router keeps a table that records the translated addresses: a translation table that it can consult. When the NAT router performs address translation, it processes each packet according to the mapping relationships stored in this table.

The above is just the case of a single client going through NAT translation, but in real life it is impossible for only one client to communicate in our private network. When every client in the private network needs to access the Internet through NAT translation, wouldn't the NAT router have to allocate a public IP address for each client? If private networks around the world were translated like this, the supply of public IP addresses would be under enormous pressure.

In view of this situation, the method of translating the IP address and port number together (NAPT) was proposed, as shown in the following figure.

(Figure: NAPT translating client A and client B's address:port pairs to distinct ports on the single public address)

The general process is the same as the NAT translation mode above. The difference is that with NAPT the source addresses of client A's and client B's packets are converted from 192.168.1.6:80 and 192.168.1.7:80 to 12.34.56.78:80 and 12.34.56.78:90 before being sent to the target server. During translation, the NAT router generates a translation table, and with this table the combination of address and port can be translated correctly in both directions, so that client A and client B can each communicate with the server.

The translation table is generated automatically on the NAT router. When TCP starts to establish a connection, the corresponding mapping is created, and when the connection is torn down, the corresponding mapping is deleted.
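As an added example that is not part of the original post, here is a minimal model of the NAPT translation table described above: outbound packets create a mapping, inbound packets are rewritten only when a mapping exists, and closing a connection removes the entry. The public IP 12.34.56.78 and clients 192.168.1.6/192.168.1.7 come from the post; the port pool starting at 90 and the static port-forwarding entry are constructed assumptions.

```python
# Added example (not from the original post): a minimal NAPT translation table.
# Assumptions: port pool starts at 90 on collision (reproduces the post's :80/:90
# example); add_port_forward() models the static entry used for port forwarding.
PUBLIC_IP = "12.34.56.78"


class NaptRouter:
    def __init__(self, public_ip=PUBLIC_IP, pool_start=90):
        self.public_ip = public_ip
        self.next_port = pool_start  # constructed: next port handed out on collision
        self.out = {}                # (private ip, private port) -> public port
        self.inb = {}                # public port -> (private ip, private port)

    def _allocate(self, priv_ip, priv_port):
        """Create (or reuse) the mapping for one private address:port pair."""
        key = (priv_ip, priv_port)
        if key in self.out:
            return self.out[key]
        # Keep the client's own port if it is free on the public side, else take
        # the next port from the pool (client B's :80 becomes :90 in the post).
        pub_port = priv_port if priv_port not in self.inb else None
        while pub_port is None or pub_port in self.inb:
            pub_port = self.next_port
            self.next_port += 1
        self.out[key] = pub_port
        self.inb[pub_port] = key
        return pub_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Private -> public: rewrite the packet's source address:port."""
        return (self.public_ip, self._allocate(src_ip, src_port), dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Public -> private: rewrite the destination from the table; a packet
        with no matching entry (unsolicited from outside) is dropped (None)."""
        entry = self.inb.get(dst_port)
        if entry is None:
            return None
        return (src_ip, src_port, entry[0], entry[1])

    def add_port_forward(self, pub_port, priv_ip, priv_port):
        """Static entry so an internal server can be reached from outside."""
        self.inb[pub_port] = (priv_ip, priv_port)
        self.out[(priv_ip, priv_port)] = pub_port

    def close(self, priv_ip, priv_port):
        """Connection torn down: delete the mapping, as the post describes."""
        pub_port = self.out.pop((priv_ip, priv_port), None)
        if pub_port is not None:
            self.inb.pop(pub_port, None)
```

The `inbound()` drop of unmapped packets is the same behaviour that makes connections from outside to an internal server impossible without a static entry.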

What is NAT-PT

At present the Internet is a mix of IPv4 hosts and IPv6 hosts. More and more hosts have upgraded to IPv6 as the successor to IPv4, but Rome was not built in a day: it is unrealistic for every computer in the world to stop for a few days to upgrade, and many services are built on IPv4. If an upgrade to IPv6 were not compatible with them, the advantages of IPv6 would be moot. To solve this problem, the NAT-PT specification was created.

NAT-PT is a technology that converts IPv6 headers into IPv4 headers. Through NAT-PT, IPv6 hosts can communicate with IPv4 hosts, and some IPv4 services can also be used by IPv6 hosts.

Note that here only IPv6 is converted to IPv4, not the reverse, so what is needed to achieve two-way communication?

A router that supports NAT-PT needs the support of DNS-ALG to realize the conversion from IPv4 to IPv6.

The NAT-PT mechanism defines the following three types of operation:

Static NAT-PT

Static NAT-PT mode is primarily a one-to-one mapping. The IPv4 networks that nodes in the IPv6 network will access must be configured in the NAT-PT device. Each destination IPv4 address is mapped in the NAT-PT device to an IPv6 address with a predefined NAT-PT prefix.

Dynamic NAT-PT

Dynamic mode also provides one-to-one mappings, but draws them from a pool of IPv4 addresses; the number of IPv4 addresses in the pool determines the maximum number of concurrent IPv6-to-IPv4 translations.

NAPT-PT

Network Address Port Translation – Protocol Translation mode provides a many-to-one dynamic mapping between multiple NAT-PT-prefixed IPv6 addresses and a single IPv4 address.
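As an added example that is not part of the original post, the following code shows the address handling the three NAT-PT modes share: embedding an IPv4 address in the low 32 bits of a /96 NAT-PT prefix (and extracting it again), plus a dynamic-mode translator that hands out IPv4 source addresses from a finite pool until it is exhausted. The prefix 2001:db8:64::/96 and the pool 198.51.100.0/29 are constructed values; 122.122.122.122 is the server from the post.

```python
# Added example (not from the original post). The NAT-PT prefix and the IPv4
# pool below are constructed documentation-range values, not real ones.
import ipaddress

NATPT_PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")   # constructed


def ipv4_to_natpt(v4):
    """Map an IPv4 address to its NAT-PT-prefixed IPv6 form (static mode)."""
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Address(int(NATPT_PREFIX.network_address) | int(v4))


def natpt_to_ipv4(v6):
    """Reverse: strip the prefix; None if the address is not NAT-PT prefixed."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in NATPT_PREFIX:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


class DynamicNatPt:
    """Dynamic NAT-PT: one-to-one IPv6 -> IPv4 mappings drawn from a pool."""

    def __init__(self, pool):
        # Pool size caps the number of concurrent translations.
        self.free = list(ipaddress.IPv4Network(pool).hosts())
        self.v6_to_v4 = {}

    def translate_out(self, src6, dst6):
        """Turn an IPv6 (src, dst) pair into the IPv4 (src, dst) pair sent on.
        Returns None if dst is not NAT-PT prefixed or the pool is exhausted."""
        dst4 = natpt_to_ipv4(dst6)
        if dst4 is None:
            return None                     # not destined for the IPv4 side
        src6 = ipaddress.IPv6Address(src6)
        if src6 not in self.v6_to_v4:
            if not self.free:
                return None                 # pool exhausted: no free IPv4 address
            self.v6_to_v4[src6] = self.free.pop(0)
        return (str(self.v6_to_v4[src6]), str(dst4))
```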

Potential problems with NAT

So far we can see that the heart of NAT (NAPT) is the translation table in the router. Heavy reliance on the translation table causes the following problems:

  • NAT cannot establish a connection from the outside to an internal server.
  • Generating the translation table adds some overhead.
  • Once the NAT router hits an abnormal situation and needs to restart, all TCP connections through it are lost.
  • Even with disaster recovery in place, the TCP connections are still disconnected.

So how to solve these problems?

The first is to upgrade directly to IPv6, because the number of IP addresses available in IPv6 is vastly larger, and for now that appears to be enough. Another solution is a technique called NAT traversal.

Applications of NAT

NAT can mainly achieve the following functions: packet masquerading, load balancing, port forwarding and transparent proxying.

  • Packet masquerading: the address information in intranet packets is rewritten to a single external address, so intranet hosts are not directly exposed to the Internet, which protects them. This function is also commonly used to share a single Internet connection. For example, when an intranet host accesses the extranet, a global address is used in place of the private address in order to hide the intranet topology.
  • Load balancing: destination-address-translation NAT can redirect connections intended for some servers to other, randomly selected servers.
  • Port forwarding: when an internal host provides a service to the outside world, it cannot be reached directly from the external network because it uses a private IP address. Port forwarding therefore has to be configured on the gateway to forward the packets of specific services to the intranet host.
  • Transparent proxy: for example, the server you set up has insufficient capacity and you need to point some links to space on another server; or a computer has no IIS service installed but you want visitors to access the content on it. In such cases, IIS's Web site redirection can easily get it done.

Significance of using NAT

NAT (NAPT) is a technology that was developed to deal with IPv4 address exhaustion. However, with the development of IPv6, NAT is also used in IPv6 to improve network security, and NAT-PT is often used for communication between IPv4 and IPv6. However, IPv4 also poses a potential threat to the security mechanism, and is a challenge in configuration and management. If you want to fundamentally solve the problem of IP address resources, IPv6 is the most fundamental way.


Origin blog.csdn.net/qq_36894974/article/details/123082183